[3497] in cryptography@c2.net mail archive
Netscape Wants MS to Weaken IE's SSL/RSA Handshake for Export
daemon@ATHENA.MIT.EDU (Vin McLellan)
Fri Oct 16 14:01:34 1998
Date: Fri, 16 Oct 1998 11:56:53 -0400
To: cryptography@c2.net
From: Vin McLellan <vin@shore.net>
This is a weird story. Comments on context, and other explanations
would be welcome.
_Vin
----------------------------------------
http://www.news.com/News/Item/0,4,27511,00.html?st.ne.1.head
O'Reilly addresses crypto laws
By Paul Festa
Staff Writer, CNET News.com
October 13, 1998, 5:40 p.m. PT
O'Reilly today posted an update of its server software to fix a crypto bug
that was making more than 60,000 secure Web sites potentially inaccessible
to users of new versions of Netscape Communications' Navigator.
O'Reilly's WebSite Professional 2.3.9 is designed to fix a problem that
didn't become apparent to O'Reilly or its users until Netscape corrected
what both O'Reilly and Netscape described as a technical violation of the
U.S. laws governing the export of cryptography technology.
Microsoft's Internet Explorer browser remains in violation of the
regulations, according to both Netscape and O'Reilly. Microsoft denies
that assertion.
The problem with WebSite Professional, and the purported export regulation
violations, concern the security protocol known as Secure Sockets Layer
SSL. SSL, which lets Web sites and browsers exchange encrypted data such
as credit card numbers, has two parts: a key exchange (or "handshake")
phase, in which the browser and server negotiate how they will encrypt the
actual data, and a data encryption phase.
Because of U.S. government export regulations, there are different limits
on the strength of the cryptography for export and domestic products. For
the data exchange phase, browsers and servers intended for export outside
the U.S. and Canada can use up to 40-bit strength crypto. For the
handshake phase, the limit is 512 bits.
The trouble with the domestic-strength (that is, the stronger version)
WebSite Professional is that without today's update it offers
export-strength (weaker) browsers a 1024-bit handshake, instead of a
512-bit handshake. That, O'Reilly acknowledges, is a violation of the
export regulations.
On the client side of the exchange, exportable versions of both Netscape's
Navigator browser--except for versions 4.06 and above--and Microsoft
Internet Explorer accept that 1024-bit handshake.
Now that Netscape is in compliance with the regulations, it is prodding
Microsoft to follow suit.
"Microsoft knows they're not in compliance with export regulations," said
Michael Mullany, product manager for Mission Control at Netscape. "They
should go fix IE."
O'Reilly weighed in with a similar assessment of Microsoft's position
vis-a-vis the export rules.
"Technically, it's a violation of the export-strength restrictions," said
Robert Denny, O'Reilly's lead developer for WebSite Professional.
"Microsoft is being more lenient than they probably should be."
Microsoft vehemently denied that IE falls afoul of crypto export rules.
"There is nothing here that is an actual export violation," said Jason
Garms, product manager for Windows NT security. "We take compliance with
government export laws very seriously."
Garms noted that Microsoft had applied for and was granted export approval
by the Commerce Department for IE, even with the 1024-bit handshake.
Regarding the handshake phase of an SSL session, the crypto export
regulations state: "The key exchange used in data encryption must be...a
public key algorithm with a key space less than or equal to a 512-bit
modulus...."
Garms noted that versions of SSL prior to SSL 3 did not support the
so-called stepping down, in which a domestic-strength server would offer
export-strength browsers a 512-bit handshake. So for SSL versions 1 and 2,
a 1024-bit handshake was the only possible variety. When SSL 3 was
introduced with the downward negotiation capability, offering 1024-bit
handshakes remained common practice, according to Garms.
So when Netscape brought its browser up to code, users with
export-strength Navigator versions 4.06 and above found themselves unable
to handshake with sites running WebSite Professional.
For sites that adopt O'Reilly's upgrade, the problem should disappear. For
its part, Microsoft it sticking by its guns.
"We currently have no plans to make any changes to the protocols that
we're shipping in this area," Garms said.
"It is the responsiblity of the U.S. government, not our competitors, to
determine if we're in compliance with U.S. export policies," he added.
Netscape's Mullany, while reiterating his view that Microsoft was
noncompliant, noted that the handshake was the less important of the two
SSL stages.
"We and Microsoft too, as far as I know, have always been in compliance
for the important part of SSL, which is the data transfer," Mullany said.
"The U.S. government really cares that we're compliant with that. The key
exchange is not as important."
-----
Vin McLellan + The Privacy Guild + <vin@shore.net>
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --
